Data Privacy Day occurs annually on January 28 and is an international effort to raise awareness and promote privacy and data protection best practices.
What is Privacy?
Privacy: noun “freedom from damaging publicity, public scrutiny, secret surveillance, or unauthorized disclosure of one’s personal data or information, as by a government, corporation, or individual”
At Georgetown, protecting privacy is everyone’s responsibility. Each of us have an obligation to protect the data our students, faculty, staff, and alumni entrust to us. Failure to do so can result in a security breach such as undisclosed or unauthorized access and subject the University to reputational damage and financial strain, not to mention the damage it does for the individuals’ whose data has been compromised.
But what’s the connection between security and privacy? They are very much entwined. While security safeguards data, privacy safeguards an individual’s identity. Security employs technology and tools such as firewalls, authentication, tokenization, encryption and network limitations in order to achieve a level of protection against data breaches or leaks and unauthorized access. Paramount to security is also the processes and procedures used in order to protect the data. It is when these measures fail, that privacy is compromised.
Privacy is concerned with using data responsibly and being transparent to customers and consumers about why their data is being collected and with whom it is being shared. It involves consent and a level of trust between parties. Security controls can be met without involving privacy, however, privacy concerns can not be addressed without employing security.
Privacy at Georgetown
At Georgetown we must take care in our daily work to protect the privacy of those who entrust us with their data. While we have security controls in place on the systems and applications that store such data, it’s up to individuals to responsibly handle that data to protect privacy and abide by applicable laws and Georgetown policies. The University’s Data Stewards authorize access and release of data.
Ask yourself the below questions when handling data or receiving a request for data. If you have any questions about data handling contact firstname.lastname@example.org.
- Does the Data Steward need to be consulted?
- Who is asking? Do I know the person?
- What are they asking for? Is the request valid?
- Why are they asking for it? Is it for a legitimate purpose?
- Can I disclose the information requested? Does the person have a right to know?
- How much should I disclose? What’s the least amount of information the person needs to accomplish the job?